diff options
| author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2014-08-17 17:38:38 +0400 |
|---|---|---|
| committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2014-08-27 13:25:49 +0400 |
| commit | a1ce33ebf8425c77e46094546f2c06c03f68d71d (patch) | |
| tree | 4dfec78e5405d1363af69be2f579b3e153ee49ca /doc | |
| parent | Remove useless -include() (diff) | |
Automatically remove IPs from ban, add the documentation
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/guide.tex | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/doc/guide.tex b/doc/guide.tex index 69cc900f..8e2b9104 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -72,6 +72,7 @@ \newcommand{\modconfigure}{\module{mod\_configure}} \newcommand{\moddisco}{\module{mod\_disco}} \newcommand{\modecho}{\module{mod\_echo}} +\newcommand{\modfailban}{\module{mod\_fail2ban}} \newcommand{\modhttpbind}{\module{mod\_http\_bind}} \newcommand{\modhttpfileserver}{\module{mod\_http\_fileserver}} \newcommand{\modirc}{\module{mod\_irc}} @@ -2783,6 +2784,7 @@ The following table lists all modules included in \ejabberd{}. \hline \modconfigure{} & Server configuration using Ad-Hoc & \modadhoc{} \\ \hline \ahrefloc{moddisco}{\moddisco{}} & Service Discovery (\xepref{0030}) & \\ \hline \ahrefloc{modecho}{\modecho{}} & Echoes XMPP stanzas & \\ + \hline \ahrefloc{modfail2ban}{\modfailban{}} & Bans IPs that show the malicious signs & \\ \hline \ahrefloc{modhttpbind}{\modhttpbind{}} & XMPP over Bosh service (HTTP Binding) & \\ \hline \ahrefloc{modhttpfileserver}{\modhttpfileserver{}} & Small HTTP file server & \\ \hline \ahrefloc{modirc}{\modirc{}} & IRC transport & \\ @@ -3117,6 +3119,30 @@ modules: ... \end{verbatim} +\makesubsection{modfail2ban}{\modfailban{}} +\ind{modules!\modfailban{}}\ind{modfail2ban} + +The module bans IPs that show the malicious signs. Currently only C2S authentication +failures are detected. + +Available options: +\begin{description} + \titem{c2s\_auth\_ban\_lifetime: Seconds} The lifetime of the IP ban caused by too + many C2S authentication failures. The default is 3600, i.e. one hour. + \titem{c2s\_max\_auth\_failures: Integer} The number of C2S authentication failures to + trigger the IP ban. The default is 20. +\end{description} + +Example: +\begin{verbatim} +modules: + ... + mod_fail2ban: + c2s_auth_block_lifetime: 7200 + c2s_max_auth_failures: 50 + ... +\end{verbatim} + \makesubsection{modhttpbind}{\modhttpbind{}} \ind{modules!\modhttpbind{}}\ind{modhttpbind} |